[CentOS6][Chef] Creating a virtual machine with knife-xenserver


Create: 2013/08/02
LastUpdate: 2013/08/04

Here we use knife-xenserver to create a virtual machine on XenServer.

knife-xenserver is a knife plugin that provisions virtual machines using XenServer and Chef.


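The test environment for trying knife-xenserver uses the client-server Chef 11 setup built in "[CentOS6] Managing infrastructure configuration with Chef11 + Chefspec" and the virtual machine template created in "[XenServer 6.1.0] Setting the IP address at VM creation".

 [Test environment]
  • Chef management server
    192.168.1.67 (centos6g) ... Chef server + workstation
  • Chef managed target
    192.168.1.68 (centos6h) ... node
  • XenServer host
    192.168.1.222

1. Install knife-xenserver on the workstation


Log in to the Chef management server as the root user and install the plugin with gem as follows.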
# /opt/chef/embedded/bin/gem install knife-xenserver --no-ri --no-rdoc
Fetching: terminal-table-1.4.5.gem (100%)
Fetching: excon-0.25.3.gem (100%)
Fetching: formatador-0.2.4.gem (100%)
Fetching: net-scp-1.1.2.gem (100%)
Fetching: ruby-hmac-0.4.0.gem (100%)
Fetching: fog-1.14.0.gem (100%)
Fetching: colored-1.2.gem (100%)
Fetching: uuidtools-2.1.4.gem (100%)
Fetching: knife-xenserver-1.3.2.gem (100%)
Fetching: mini_portile-0.5.1.gem (100%)
Successfully installed terminal-table-1.4.5
Successfully installed excon-0.25.3
Successfully installed formatador-0.2.4
Successfully installed net-scp-1.1.2
Successfully installed ruby-hmac-0.4.0
Successfully installed fog-1.14.0
Successfully installed colored-1.2
Successfully installed uuidtools-2.1.4
Successfully installed knife-xenserver-1.3.2
Successfully installed mini_portile-0.5.1
10 gems installed
Check that it was installed correctly.
Switch to the chef user and run the knife command on the workstation as follows.
# su - chef
$ knife xenserver --help
FATAL: Cannot find sub command for: 'xenserver --help'
Available xenserver subcommands: (for details, knife SUB-COMMAND --help)

** XENSERVER COMMANDS **
knife xenserver vm list (options)
knife xenserver sr create (options)
knife xenserver vm poweron VM_NAME [VM_NAME] (options)
knife xenserver network list
knife xenserver vm delete VM_NAME [VM_NAME] (options)
knife xenserver sr list (options)
knife xenserver template create
knife xenserver vm create (options)
knife xenserver vm poweroff VM_NAME [VM_NAME] (options)
knife xenserver host list (options)
knife xenserver template list
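If the usage is displayed as above, the installation is OK.
Next, configure knife so that it can connect to XenServer.
Add the connection information for the XenServer host to ~/.chef/knife.rb as follows (the knife[:xenserver_...] lines at the end).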
log_level                :info
log_location             STDOUT
node_name                'chef'
client_key               '/home/chef/.chef/chef.pem'
validation_client_name   'chef-validator'
validation_key           '/home/chef/.chef/validation.pem'
chef_server_url          'https://192.168.1.67'
syntax_check_cache_path  '/home/chef/.chef/syntax_check_cache'
cookbook_path [ '/home/chef/chef-repo/cookbooks' ]

knife[:xenserver_password] = 'password'
knife[:xenserver_username] = 'root'
knife[:xenserver_host]     = '192.168.1.222'
Try connecting to XenServer with the knife command.
Run the knife command as follows to display the list of hosts.
$ knife xenserver host list
Connecting to XenServer host 192.168.1.222...
+-------+--------------------------------------+
| NAME  | UUID                                 |
+-------+--------------------------------------+
| xs200 | 82a896d8-7a0d-4c52-b450-1e33f43q7c33 |
+-------+--------------------------------------+
If the XenServer host is displayed, it is OK.
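
The knife.rb above keeps the XenServer root password in plaintext in the file itself. As an added example (not part of the original article), the same three settings can load the password from a separate file that is accepted only when no other account can read it; the path ~/.chef/xenserver.pass and the helper read_secret are assumptions.

```ruby
# Added example, not from the original article. Intended for ~/.chef/knife.rb,
# which Chef evaluates as Ruby. read_secret and the file path are assumptions.

# Return the contents of a secret file, refusing anything that is not a
# regular file owned by the current user with no group/other permissions.
def read_secret(path)
  st = File.stat(path)
  raise "#{path}: not a regular file" unless st.file?
  raise "#{path}: not owned by the current user" unless st.uid == Process.euid
  if st.mode & 0o077 != 0
    raise format('%s: mode %04o is too open, run chmod 600', path, st.mode & 0o7777)
  end
  secret = File.read(path).chomp
  raise "#{path}: empty" if secret.empty?
  secret
end

# Inside knife.rb the `knife` hash exists; when this file is run on its own
# (no Chef loaded) the assignments are skipped.
if defined?(Chef::Config)
  knife[:xenserver_host]     = '192.168.1.222'
  knife[:xenserver_username] = 'root'
  knife[:xenserver_password] = read_secret(File.expand_path('~/.chef/xenserver.pass'))
end
```
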

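2. Creating the virtual machine


Create a new virtual machine from a XenServer template and apply the apache recipe to it.
The parameters that can be specified when creating a virtual machine are as follows.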
# knife xenserver vm create --help
knife xenserver vm create (options)
        --batch script.yml           Use a batch file to deploy multiple VMs
        --bootstrap-version VERSION  The version of Chef to install
        --node-name NAME             The Chef node name for your new node
    -s, --server-url URL             Chef Server URL
    -k, --key KEY                    API Client Key
        --[no-]color                 Use colored output, defaults to enabled
    -c, --config CONFIG              The configuration file to use
        --defaults                   Accept default values for all questions
        --disable-editing            Do not open EDITOR, just accept the data as is
    -d, --distro DISTRO              Bootstrap a distro using a template; default is 'ubuntu10.04-gems'
    -e, --editor EDITOR              Set the editor to use for interactive commands
    -E, --environment ENVIRONMENT    Set the Chef environment
        --extra-vdis "SR name":size1[,"SR NAME":size2,..]
                                     Create and attach additional VDIs (size in MB)
    -F, --format FORMAT              Which format to use for output
        --[no-]host-key-verify       Disable host key verification
    -i IDENTITY_FILE,                The SSH identity file used for authentication
        --identity-file
        --keep-template-networks     Do no remove template inherited networks (VIFs)
    -M, --mac-addresses mac[,mac..]  Mac address list
    -u, --user USER                  API Client Username
        --print-after                Show the data after a destructive operation
    -r, --run-list RUN_LIST          Comma separated list of roles/recipes to apply
        --skip-bootstrap             Skip bootstrap process (Deploy only mode)
    -P, --ssh-password PASSWORD      The ssh password
    -x, --ssh-user USERNAME          The ssh username; default is 'root'
        --template-file TEMPLATE     Full path to location of template to use
    -V, --verbose                    More verbose output. Use twice for max verbosity
    -v, --version                    Show chef version
        --vm-cpus AMOUNT             The VCPUs of the Virtual Machine
        --vm-dns NAMESERVER          DNS servers to set in xenstore
        --vm-domain DOMAIN           DOMAIN of host to set in xenstore
        --vm-gateway GATEWAY         Gateway address to set in xenstore
        --vm-ip IP                   IP address to set in xenstore
        --vm-memory AMOUNT           The memory limits of the Virtual Machine
        --vm-name NAME               The Virtual Machine name
        --vm-netmask NETMASK         Netmask to set in xenstore
    -N network[,network..],          Network where nic is attached to
        --vm-networks
        --vm-tags tag1[,tag2..]      Comma separated list of tags
        --vm-template NAME           The Virtual Machine Template to use
        --xenserver-host ADDRESS     Your XenServer host address
        --xenserver-password PASSWORD
                                     Your XenServer password
        --xenserver-username USERNAME
                                     Your XenServer username (default 'root')
    -y, --yes                        Say yes to all prompts for confirmation
    -h, --help                       Show this message
Now create the virtual machine.
Run the command on the workstation as follows.
$ knife xenserver vm create --vm-template 84test -x root -P password --vm-name 84test_new --vm-ip 192.168.1.88 --vm-netmask 255.255.255.0 --vm-gateway 192.168.1.1 --vm-dns 192.168.1.110 --vm-domain example.com --keep-template-networks -r "recipe[apache]" -s 'https://192.168.1.67' -d chef-full
This resulted in the following error.
192.168.1.88 ########################################### [100%]
192.168.1.88 Thank you for installing Chef!
192.168.1.88 Starting Chef Client, version 11.4.4
192.168.1.88 Creating a new client identity for 84test_new using the validator key.
192.168.1.88 resolving cookbooks for run list: ["apache"]
192.168.1.88 Synchronizing Cookbooks:
192.168.1.88
192.168.1.88 ================================================================================
192.168.1.88 Error Syncing Cookbooks:
192.168.1.88 ================================================================================
192.168.1.88
192.168.1.88
192.168.1.88 Networking Error:
192.168.1.88 -----------------
192.168.1.88 Error connecting to https://centos6g/bookshelf/organization-00000000000000000000000000000000/checksum-63031b1f846e733e4e86edbe1e4f3b15?AWSAccessKeyId=2712ba85d3a48f1f41ef4eeac314d96fd8b7fc41&Expires=1375431720&Signature=vsjDcJjA8U5LplOU4qznYpB3/hM%3D - getaddrinfo: Name or service not known
192.168.1.88
192.168.1.88 Your chef_server_url may be misconfigured, or the network could be down.
192.168.1.88
192.168.1.88
192.168.1.88
192.168.1.88 Relevant Config Settings:
192.168.1.88 -------------------------
192.168.1.88 chef_server_url  "https://192.168.1.67"
192.168.1.88
192.168.1.88
192.168.1.88
192.168.1.88 [2013-08-02T17:05:40+09:00] ERROR: Running exception handlers
192.168.1.88 [2013-08-02T17:05:40+09:00] FATAL: Saving node information to /var/chef/cache/failed-run-data.json
192.168.1.88 [2013-08-02T17:05:40+09:00] ERROR: Exception handlers complete
192.168.1.88 Chef Client failed. 0 resources updated
192.168.1.88 [2013-08-02T17:05:40+09:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
192.168.1.88 [2013-08-02T17:05:40+09:00] FATAL: SocketError: Error connecting to https://centos6g/bookshelf/organization-00000000000000000000000000000000/checksum-63031b1f846e733e4e86edbe1e4f3b15?AWSAccessKeyId=2712ba85d3a48f1f41ef4eeac314d96fd8b7fc41&Expires=1375431720&Signature=vsjDcJjA8U5LplOU4qznYpB3/hM%3D - getaddrinfo: Name or service not known
The node is trying to reach the Chef server by host name (centos6g), so add "centos6g" to the template's /etc/hosts.
I modified the part of the template's /usr/sbin/xe-set-hostname that creates /etc/hosts (the centos6g line).
# change hosts
cp /etc/hosts /etc/hosts.ORG
cat << EOF > /etc/hosts
127.0.0.1       localhost localhost.localdomain
192.168.1.67    centos6g
$IP     $NAME.$DOMAIN $NAME
EOF
After rebuilding the template and running the knife command again, the following error occurred.
192.168.1.88 Thank you for installing Chef!
192.168.1.88 Starting Chef Client, version 11.4.4
192.168.1.88 Creating a new client identity for 84test_new using the validator key.
192.168.1.88
192.168.1.88 ================================================================================
192.168.1.88 Chef encountered an error attempting to create the client "84test_new"
192.168.1.88 ================================================================================
192.168.1.88
192.168.1.88
192.168.1.88 Authorization Error:
192.168.1.88 --------------------
192.168.1.88 Your validation client is not authorized to create the client for this node (HTTP 403).
192.168.1.88
192.168.1.88
192.168.1.88
192.168.1.88 Possible Causes:
192.168.1.88 ----------------
192.168.1.88 * There may already be a client named "84test_new"
192.168.1.88 * Your validation client (chef-validator) may have misconfigured authorization permissions.
192.168.1.88
192.168.1.88
192.168.1.88
192.168.1.88 [2013-08-02T15:50:28+09:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
192.168.1.88 [2013-08-02T15:50:28+09:00] FATAL: Net::HTTPServerException: 403 "Forbidden"
 
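It appears that the first knife run had already registered the client (84test_new) and the node (84test_new) on the Chef server.
The second knife run failed because they were already registered.
Delete the client (84test_new) and the node (84test_new) using the knife command (or the WebUI).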
$ knife client delete 84test_new
$ knife node delete 84test_new
Running the knife command again succeeded this time.
The output is as follows.
Connecting to XenServer host 192.168.1.222...
Creating VM 84test_new...
Using template 84test [uuid: 15c44025-aacc-c4df-7309-d56255951f10]...
Adding attributes to xenstore...
VM Name: 84test_new
VM Memory: 512 MB

Waiting server...
Trying to SSH to 192.168.1.88... ...... done
Bootstrapping Chef on 192.168.1.88
192.168.1.88   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
192.168.1.88                                  Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
178   178  178   178    0     0    412      0 --:--:-- --:--:-- --:--
178   178  178   178    0     0    411      0 --:--:-- --:--:-- --:--:--   931
100  6509  100  6509    0     0   4307      0
100  6509  100  6509    0     0   4306      0  0:00:01  0:00:01 --:--:--     0
192.168.1.88 Downloading Chef 11.4.4 for el...
192.168.1.88   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Cur
192.168.1.88 rent
192.168.1.88                                  Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0
192.168.1.88   0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0

~ omitted ~

192.168.1.88 Installing Chef 11.4.4
192.168.1.88 警告: /tmp/tmp.Ee63SWLe/chef-11.4.4.i686.rpm: ヘッダ V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
192.168.1.88 準備中...
192.168.1.88 ########################################    (100%)
192.168.1.88
192.168.1########################################### [100%]
192.168.1.88    1:chef
192.168.1.88                                             (  1%)
192.168.1.88 #                                           (  3%)

~ omitted ~

192.168.1.88 ########################################### [100%]
192.168.1.88 Thank you for installing Chef!
192.168.1.88 Starting Chef Client, version 11.4.4
192.168.1.88 Creating a new client identity for 84test_new using the validator key.
192.168.1.88 resolving cookbooks for run list: ["apache"]
192.168.1.88 Synchronizing Cookbooks:
192.168.1.88   - apache
192.168.1.88 Compiling Cookbooks...
192.168.1.88 Converging 3 resources
192.168.1.88 Recipe: apache::default
192.168.1.88   * package[httpd] action install
192.168.1.88
192.168.1.88     - install version 2.2.15-28.el6.centos of package httpd
192.168.1.88
192.168.1.88   * template[/etc/httpd/conf/httpd.conf] action create
192.168.1.88
192.168.1.88     - update template[/etc/httpd/conf/httpd.conf] from beb8a6 to 75b1e1
192.168.1.88         --- /etc/httpd/conf/httpd.conf     2013-04-29 17:09:52.000000000 +0900
192.168.1.88         +++ /tmp/chef-rendered-template20130802-1400-1xo8zmx       2013-08-02 17:36:57.685862786 +0900
192.168.1.88         @@ -41,7 +41,7 @@
192.168.1.88          # Don't give away too much information about all the subcomponents
192.168.1.88          # we are running.  Comment out this line if you don't mind remote sites
192.168.1.88          # finding out what major optional modules you are running
192.168.1.88         -ServerTokens OS
192.168.1.88         +ServerTokens Prod
192.168.1.88
192.168.1.88          #
192.168.1.88          # ServerRoot: The top of the directory tree under which the server's
192.168.1.88         @@ -259,7 +259,7 @@
192.168.1.88          # e-mailed.  This address appears on some server-generated pages, such
192.168.1.88
192.168.1.88          # as error documents.  e.g. admin@your-domain.com
192.168.1.88          #
192.168.1.88         -ServerAdmin root@localhost
192.168.1.88         +ServerAdmin admin@example.com
192.168.1.88
192.168.1.88          #
192.168.1.88          # ServerName gives the name and port that the server uses to identify itself.
192.168.1.88         @@ -273,7 +273,7 @@
192.168.1.88          # You will have to access it by its address anyway, and this will make
192.168.1.88          # redirections work in a sensible way.
192.168.1.88          #
192.168.1.88         -#ServerName www.example.com:80
192.168.1.88         +ServerName 127.0.0.1:80
192.168.1.88
192.168.1.88          #
192.168.1.88          # UseCanonicalName: Determines how Apache constructs self-referencing
192.168.1.88
192.168.1.88
192.168.1.88   * service[httpd] action enable
192.168.1.88
192.168.1.88     - enable service service[httpd]
192.168.1.88
192.168.1.88
192.168.1.88   * service[httpd] action start
192.168.1.88
192.168.1.88     - start service service[httpd]
192.168.1.88
192.168.1.88
192.168.1.88   * service[httpd] action restart
192.168.1.88
192.168.1.88     - restart service service[httpd]
192.168.1.88
192.168.1.88 Chef Client finished, 5 resources updated

Name: 84test_new
IP Address: 192.168.1.88
Environment: _default
Run List: recipe[apache]
Done!
Check whether the virtual machine has been registered with the Chef server.
$ knife node list
84test_new
centos6h
$ knife client list
84test_new
centos6h
chef-validator
chef-webui
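It appears that a single knife command carried out the following steps.
  1. Create the virtual machine from the template
  2. Log in to the virtual machine over ssh
  3. Download Chef from the Opscode web site
  4. Install the Chef client
  5. Register with the Chef server
  6. Run the recipe (apache)
If the Chef client were installed in the template beforehand, it looks like steps 3 and 4 above could be skipped by running the knife command with "--skip-bootstrap". (I have not tried this.)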
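
The two failed runs above, and the rpm NOKEY warning in the successful one, can be picked out of bootstrap output mechanically. The following is an added example, not from the original article: it scans such output and reports the unresolved Chef server host name, the refused client registration, and the package installed without a trusted signing key. The sample log is constructed from lines on this page, and the function name triage is an assumption.

```ruby
# Added example, not from the original article.
# SAMPLE is constructed: lines modelled on the output shown above, with the
# rpm warning in its English-locale form and the bookshelf URL shortened.
SAMPLE = <<~LOG
  192.168.1.88 warning: /tmp/tmp.Ee63SWLe/chef-11.4.4.i686.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
  192.168.1.88 Creating a new client identity for 84test_new using the validator key.
  192.168.1.88 Error connecting to https://centos6g/bookshelf/org-0/checksum-0?Expires=0 - getaddrinfo: Name or service not known
  192.168.1.88 [2013-08-02T17:05:40+09:00] FATAL: SocketError: Error connecting to https://centos6g/bookshelf/org-0/checksum-0?Expires=0 - getaddrinfo: Name or service not known
  192.168.1.88 Your validation client is not authorized to create the client for this node (HTTP 403).
LOG

# Scan bootstrap output and return one { issue:, detail:, fix: } hash per
# distinct finding, in order of first appearance.
def triage(log)
  findings = []
  client = nil # node name from the most recent registration attempt
  log.each_line do |line|
    case line
    when /Creating a new client identity for (\S+) using the validator key/
      client = Regexp.last_match(1)
    when %r{Error connecting to https?://([^/\s:]+)\S* - getaddrinfo:}
      host = Regexp.last_match(1)
      findings << { issue: :unresolved_chef_host, detail: host,
                    fix: "make #{host} resolvable on the node (DNS or the template's /etc/hosts)" }
    when /not authorized to create the client for this node \(HTTP 403\)/
      name = client || 'NODE_NAME'
      findings << { issue: :client_create_forbidden, detail: client,
                    fix: "if #{name} is left over from an earlier run: " \
                         "knife client delete #{name}; knife node delete #{name}" }
    when /(\S+\.rpm): .*key ID (\h+): NOKEY/
      rpm = File.basename(Regexp.last_match(1))
      findings << { issue: :rpm_signature_not_verified,
                    detail: "#{rpm} signed by key #{Regexp.last_match(2)}",
                    fix: 'import the vendor signing key into the rpm keyring of the template' }
    end
  end
  findings.uniq # the same error is often logged twice (message and FATAL line)
end

triage(SAMPLE).each { |f| puts "#{f[:issue]}: #{f[:detail]} -> #{f[:fix]}" } if $PROGRAM_NAME == __FILE__
```
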